
Comment by bsza

1 day ago

What counts as "large"? I'm pretty sure at some point in my life I'd opened the entirety of Moby Dick in Notepad. Unless you want to look for text in a binary file (which Notepad definitely isn't for) I doubt you'll run into that problem too often.

Also, I hope the irony of you citing Notepad++ [1] as what Notepad should aim to be isn't lost on you. My point being, these kinds of vulnerabilities shouldn't exist in a fucking text editor.

[1] https://notepad-plus-plus.org/news/hijacked-incident-info-up...

I know about the vulnerabilities in Notepad++; however, I was referring to the feature set.

Regarding large, I am referring to log files, for example. I think the issue was the lack of use of memory-mapped files, which meant the entire file was always loaded into RAM, often giving the frozen window experience.

> What counts as "large"?

Remote into a machine that you're not allowed to copy data out of. You only have the utilities baked into Windows and whatever the validated CI/CD process put there. You need to open a log file that has ballooned to at least several hundred megabytes, maybe more.

Moby Dick is about 1MB of text. That's really not much compared to a lot of log files on pretty hot servers.

I do agree though, if we're going to be complaining about how a text editor could have security issues and pointing to Notepad++ as an example otherwise, it's had its own share of notable vulnerabilities even before this update hijacking. CVE-2017-8803 had a code execution vulnerability on just opening a malicious file; this at least requires you to click the rendered link in a markdown file.

  • Oh right, generated files exist. Though logging systems usually have a rollover file size you can configure, should this happen to you in real life.

    Honestly I'm okay with having to resort to power tools for these edge cases. Notepad is more for the average user who is less likely to run into 100 MB text files and more likely to run into a 2 kB text file someone shared on Discord.

    • > Notepad is more for the average user who is less likely to run into 100 MB text files and more likely to run into a 2 kB text file someone shared on Discord.

      There's no reason it shouldn't handle both use cases.

    • > Though logging systems usually have a rollover file size you can configure, should this happen to you in real life

      I get what you're saying. But if things were done right I probably wouldn't have to be remoting into this box to hunt for a log file that wasn't properly being shipped to some other centralized logging platform.